Social authentication

ABSTRACT

In one embodiment, a method includes providing for presentation to a user a number of content objects. Some of the content objects are socially relevant to the user and some of the content objects are socially irrelevant to the user. The method also includes receiving input indicating a selection of one of the content objects by the user; determining whether the content object selected by the user is socially relevant to the user; authenticating the user if the content object selected by the user is socially relevant to the user; and declining to authenticate the user if the content object selected by the user is socially irrelevant to the user.

TECHNICAL FIELD

This disclosure generally relates to mobile devices.

BACKGROUND

A social-networking system, which may include a social-networkingwebsite, may enable its users (such as persons or organizations) tointeract with it and with each other through it. The social-networkingsystem may, with input from a user, create and store in thesocial-networking system a user profile associated with the user. Theuser profile may include demographic information, communication-channelinformation, and information on personal interests of the user. Thesocial-networking system may also, with input from a user, create andstore a record of relationships of the user with other users of thesocial-networking system, as well as provide services (e.g. wall posts,photo-sharing, event organization, messaging, games, or advertisements)to facilitate social interaction between or among users.

The social-networking system may transmit over one or more networkscontent or messages related to its services to a mobile or othercomputing device of a user. A user may also install softwareapplications on a mobile or other computing device of the user foraccessing a user profile of the user and other data within thesocial-networking system. The social-networking system may generate apersonalized set of content objects to display to a user, such as anewsfeed of aggregated stories of other users connected to the user.

A mobile computing device—such as a smartphone, tablet computer, orlaptop computer—may include functionality for determining its location,direction, or orientation, such as a GPS receiver, compass, orgyroscope. Such a device may also include functionality for wirelesscommunication, such as BLUETOOTH communication, near-field communication(NFC), or infrared (IR) communication or communication with a wirelesslocal area networks (WLANs) or cellular-telephone network. Such a devicemay also include one or more cameras, scanners, touchscreens,microphones, or speakers. Mobile computing devices may also executesoftware applications, such as games, web browsers, or social-networkingapplications. With social-networking applications, users may connect,communicate, and share information with other users in their socialnetworks.

SUMMARY OF PARTICULAR EMBODIMENTS

In particular embodiments, the user may be authenticated based oninformation associated with the social graph of the user. In particularembodiments, the user may select or tap on one or more profile photos offriends from among a facepile that also includes photos of random users,displayed on the mobile device or web browser. Other examples of socialauthentication may be selecting one or more status updates made by theuser from a set of random status updates, selecting check-in locationsposted by the user, selecting photos uploaded by the user, selectingcommunities or groups of the user, etc. or any combination of these. Inparticular embodiments, the user may gain access to the social networkthrough a web browser or unlock a mobile device based on theauthentication.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example network environment associated with asocial-networking system.

FIG. 2A illustrates an example mobile device.

FIG. 2B illustrates an example wireframe of an example socialauthentication view.

FIG. 3 illustrates an example method for authenticating a user based oncontent objects socially relevant to the user.

FIG. 4 illustrates an example method for authenticating a user based oncontent objects socially relevant to the user provided by a servercomputing device.

FIG. 5 illustrates an example social graph.

FIG. 6 illustrates an example computing system.

DESCRIPTION OF EXAMPLE EMBODIMENTS

FIG. 1 illustrates an example network environment 100 associated with asocial-networking system. Network environment 100 includes a user 101, aclient system 130, a social-networking system 160, and a third-partysystem 170 connected to each other by a network 110. Although FIG. 1illustrates a particular arrangement of user 101, client system 130,social-networking system 160, third-party system 170, and network 110,this disclosure contemplates any suitable arrangement of user 101,client system 130, social-networking system 160, third-party system 170,and network 110. As an example and not by way of limitation, two or moreof client system 130, social-networking system 160, and third-partysystem 170 may be connected to each other directly, bypassing network110. As another example, two or more of client system 130,social-networking system 160, and third-party system 170 may bephysically or logically co-located with each other in whole or in part.Moreover, although FIG. 1 illustrates a particular number of users 101,client systems 130, social-networking systems 160, third-party systems170, and networks 110, this disclosure contemplates any suitable numberof users 101, client systems 130, social-networking systems 160,third-party systems 170, and networks 110. As an example and not by wayof limitation, network environment 100 may include multiple users 101,client system 130, social-networking systems 160, third-party systems170, and networks 110.

In particular embodiments, user 101 may be an individual (human user),an entity (e.g. an enterprise, business, or third-party application), ora group (e.g. of individuals or entities) that interacts or communicateswith or over social-networking system 160. In particular embodiments,social-networking system 160 may be a network-addressable computingsystem hosting an online social network. Social-networking system 160may generate, store, receive, and send social-networking data, such as,for example, user-profile data, concept-profile data, social-graphinformation, or other suitable data related to the online socialnetwork. Social-networking system 160 may be accessed by the othercomponents of network environment 100 either directly or via network110. In particular embodiments, social-networking system 160 may includean authorization server that allows users 101 to opt in or opt out ofhaving their actions logged by social-networking system 160 or sharedwith other systems (e.g. third-party systems 170), such as, for example,by setting appropriate privacy settings. Third-party system 170 may beaccessed by the other components of network environment 100 eitherdirectly or via network 110. In particular embodiments, one or moreusers 101 may use one or more client systems 130 to access, send datato, and receive data from social-networking system 160 or third-partysystem 170. Client system 130 may access social-networking system 160 orthird-party system 170 directly, via network 110, or via a third-partysystem. As an example and not by way of limitation, client system 130may access third-party system 170 via social-networking system 160.

Social-networking system 160 may prevent unauthorized usage ofsocial-networking system 160 or third-party system 170 by authenticatingusers of social-networking system 160 or third-party system 170. Inparticular embodiments, user 101 may be authenticated based at least inpart on the user selecting content objects that are socially relevant orsocially irrelevant to user 101, described below. Herein, reference tosocial relevant content objects may encompass any suitable contentobject associated with user 101 or another user with a relationship withuser 101 as described below. As an example and not by way of limitation,social-networking system 160 or third-party system 170 may select agroup of content objects and send data corresponding to the group ofcontent objects to client system 130. Moreover, social-networking systemmay select one or more of the content objects for the group that aresocially relevant to user 101 and one or more of the content objects forthe group are socially irrelevant to user 101 based at least in part onsocial-graph information associated with user 101. As an example and notby way of limitation, user 101 may be authenticated based at least inpart on selecting the content objects that are socially relevant to user101 from among a group of content objects. As another example, user 101may be authenticated based at least in part on selecting the contentobjects that are socially irrelevant to user 101 from among a group ofcontent objects.

The authorization server of social-networking system 160 may be used toenforce one or more privacy settings of the users of social-networkingsystem 160. A privacy setting of a user determines how particularinformation or content objects associated with the user can be shared.In particular embodiments, the selection of the content objects bysocial-networking system 160 for authenticating users may constrained bythe privacy settings of the users of social-networking system 160. As anexample and not by way of limitation, social-networking system 160 mayrestrict selection of content objects to content objects set for publicsharing.

Client system 130 may be any suitable computing device, such as, forexample, a personal computer, a laptop computer, a cellular telephone, asmartphone, or a tablet computer. As described below, a displayassociated with client system 130 may be locked and user 101 deniedaccess to one or more functionality of client system 130 for securityreasons as well as to save power. As an example and not by way oflimitation, when client system 130 has not been used for apre-determined period of time, client system 130 may automatically enterinto a power-saving mode that darkens the display to save power andblocks interaction with client system 130 to prevent unauthorized usageor accidental input. In particular embodiments, some users may choose toprotect client system 130 from unauthorized usage and authenticate user101 by requiring security codes to unlock client system 130 in order tointeract with client system 130, while other users may not. Inparticular embodiments, user 101 may be authenticated and client system130 unlocked based at least in part on user 101 selecting one or morecontent objects socially relevant or one or more content objectssocially irrelevant to user 101, as described below.

This disclosure contemplates any suitable network 110. As an example andnot by way of limitation, one or more portions of network 110 mayinclude an ad hoc network, an intranet, an extranet, a virtual privatenetwork (VPN), a local area network (LAN), a wireless LAN (WLAN), a widearea network (WAN), a wireless WAN (WWAN), a metropolitan area network(MAN), a portion of the Internet, a portion of the Public SwitchedTelephone Network (PSTN), a cellular telephone network, or a combinationof two or more of these. Network 110 may include one or more networks110.

Links 150 may connect client system 130, social-networking system 160,and third-party system 170 to communication network 110 or to eachother. This disclosure contemplates any suitable links 150. Inparticular embodiments, one or more links 150 include one or morewireline (such as for example Digital Subscriber Line (DSL) or Data OverCable Service Interface Specification (DOCSIS)), wireless (such as forexample Wi-Fi or Worldwide Interoperability for Microwave Access(WiMAX)), or optical (such as for example Synchronous Optical Network(SONET) or Synchronous Digital Hierarchy (SDH)) links. In particularembodiments, one or more links 150 each include an ad hoc network, anintranet, an extranet, a VPN, a LAN, a WLAN, a WAN, a WWAN, a MAN, aportion of the Internet, a portion of the PSTN, a cellulartechnology-based network, a satellite communications technology-basednetwork, another link 150, or a combination of two or more such links150. Links 150 need not necessarily be the same throughout networkenvironment 100. One or more first links 150 may differ in one or morerespects from one or more second links 150.

FIG. 2A illustrates an example mobile device. In particular embodiments,the client system may be a mobile device 10 as described above. Thisdisclosure contemplates mobile device 10 taking any suitable physicalform. In particular embodiments, mobile device 10 may be a computingsystem as described below. As example and not by way of limitation,mobile device 10 may be a single-board computer system (SBC) (such as,for example, a computer-on-module (COM) or system-on-module (SOM)), alaptop or notebook computer system, a mobile telephone, a smartphone, apersonal digital assistant (PDA), a tablet computer system, or acombination of two or more of these. In particular embodiments, mobiledevice 10 may have a touch sensor 12 as an input component. In theexample of FIG. 2, touch sensor 12 is incorporated on a front surface ofmobile device 10. In the case of capacitive touch sensors, there may betwo types of electrodes: transmitting and receiving. These electrodesmay be connected to a controller designed to drive the transmittingelectrodes with electrical pulses and measure the changes in capacitancefrom the receiving electrodes caused by a touch or proximity input. Inthe example of FIG. 2, one or more antennae 14A-B may be incorporatedinto one or more sides of mobile device 10. Antennae 14A-B arecomponents that convert electric current into radio waves, and viceversa. During transmission of signals, a transmitter applies anoscillating radio frequency (RF) electric current to terminals ofantenna 14A-B, and antenna 14A-B radiates the energy of the applied thecurrent as electromagnetic (EM) waves. During reception of signals,antennae 14A-B convert the power of an incoming EM wave into a voltageat the terminals of antennae 14A-B. The voltage may be transmitted to areceiver for amplification.

Mobile device many include a communication component coupled to antennae14A-B for communicating with an Ethernet or other wire-based network ora wireless NIC (WNIC), wireless adapter for communicating with awireless network, such as for example a WI-FI network or modem forcommunicating with a cellular network, such third generation mobiletelecommunications (3G), or Long Term Evolution (LTE) network. Thisdisclosure contemplates any suitable network and any suitablecommunication component for it. As an example and not by way oflimitation, mobile device 10 may communicate with an ad hoc network, apersonal area network (PAN), a local area network (LAN), a wide areanetwork (WAN), a metropolitan area network (MAN), or one or moreportions of the Internet or a combination of two or more of these. Oneor more portions of one or more of these networks may be wired orwireless. As another example, mobile device 10 may communicate with awireless PAN (WPAN) (such as, for example, a BLUETOOTH WPAN), a WI-FInetwork, a WI-MAX network, a cellular telephone network (such as, forexample, a Global System for Mobile Communications (GSM), 3G, or LTEnetwork), or other suitable wireless network or a combination of two ormore of these. Mobile device 10 may include any suitable communicationcomponent for any of these networks, where appropriate.

As described above, the user may be authenticated based at least in parton the user selecting one or more content objects that are sociallyrelevant or one or more content objects that are socially irrelevant tothe user. In particular embodiments, mobile device 10 may be lockedpreventing interaction with mobile device 10. Alternatively, a user ofmobile device 10 may manually lock mobile device 10 by, for example,pushing a preset key or button or performing a predefined gesturedetected by the touch sensor of mobile device 10. As described above,authentication of the user and unlocking mobile device 10 may beperformed based at least in part on the user selecting content objectssocially relevant or selecting content objects socially irrelevant tothe user based at least in part on social-graph information associatedwith the user. As an example and not by way of limitation, contentobjects may include images, videos, audios, feeds, photo albums, posts,check-in locations, or messages. Although this disclosure describesauthentication of the user through particular client systems, thisdisclosure contemplates authentication the user through any suitableclient system, such as for example, a personal computer or tabletcomputer.

As described above, mobile device 10 may communicate with asocial-networking system through a wired or wireless network. Inparticular embodiments, mobile device 10 may receive data correspondingto a group of content objects from the social-networking system througha communication network. In particular embodiments, upon powering up,mobile device 10 may communicate with the social-networking system orthird-party system and dynamically request a group of content objectsstored on the social-networking system. As described above, one or moreof the content objects in the group are socially relevant to the userbased at least in part on social-graph information associated with theuser, such as for example, a name or a profile photo of another userhaving a “friend” relationship to the user. One or more of the contentobjects in group are socially irrelevant to the user based at least inpart on the social-graph information, such as for example, a profilephoto of another user with no relationship with the user. In particularembodiments, the content objects corresponding to the data received fromthe social-networking system may be presented on the display of mobiledevice 10.

FIG. 2B illustrates an example wireframe of an example socialauthentication view. In particular embodiments, the user may berequested to select one or more content objects socially relevant to theuser from the content objects that are socially irrelevant to the user.As an example and not by way of limitation, the user may be requested toselect one or more content objects socially relevant to the user fromthe group of displayed content objects, such as for example a photo(e.g. as a “facepile” 50) or status update, posted by the user. Asanother example, the user may be requested to select one or more contentobjects socially relevant to the user from the group of displayedcontent objects, such as for example a photo or status update, posted bythe user. The socially irrelevant content objects may be associated withanother user that does not have a relationship with the user or may becontent objects chosen at random by the social-networking system. Inparticular embodiments, the user may be requested to select one or morecontent objects socially irrelevant to the user from the content objectsthat are socially relevant to the user. In the example of FIG. 2B, afacepile 50 of profile pictures is displayed in a display area 54 ofmobile device 10. Although this disclosure illustrates and describesdisplay of content objects in a display area of a particular number ofpages, this disclosure contemplates display of content objects in thedisplay area of any suitable number of pages. Furthermore, although thisdisclosure describes authentication of the user through particularcontent objects socially relevant to the user, this disclosurecontemplates authentication the user through any suitable content objectthat is socially relevant to the user, such as for example, a name ofanother user, profile photos of another user, status updates, photosuploaded by the user, check-in locations posted by the user, videouploaded by the user, communities or groups associated with the user, orany combination thereof. In particular embodiments, if mobile device 10has accessed content objects from the social-networking system within apre-determined amount of time (e.g. within ten minutes), then mobiledevice 10 may use the content objects previously received from thesocial-networking system.

In particular embodiments, mobile device 10 may determine whether one ormore of the content objects selected by the user are socially relevantto the user. In other particular embodiments, mobile device 10 maydetermine whether one or more of the content objects selected by theuser are socially irrelevant to the user. The user may provide input(e.g. tapping on the display of mobile device 10) to select one or moreof the displayed content objects. As an example and not by way oflimitation, the user may be prompted to select one or more profilephotos displayed in the facepile 50 that are social relevant to the user(i.e. are a “friend” of the user). As described above, data indicatingthe selection by the user of one or more of the displayed contentobjects may be sent to the social-networking system or third-partysystem. The social-networking system may determine whether the selectioncorresponds to the content objects associated with the user based onsocial-graph information. As described above, mobile device 10 mayreceive data indicating whether the selected content object is sociallyrelevant or socially irrelevant to the user. In particular embodiments,authentication of the user by mobile device 10 may be based at least inpart on the indication from the social-networking system that thecontent object selected by the user is socially relevant to the user. Asan example and not by way of limitation, the social-networking systemmay provide an indication to mobile device 10 that one of more profilephotos of facepile 50 selected by the user is a “friend” of the user.Although this disclosure describes a particular computing systemdetermining whether the content object selected by the user is sociallyrelevant, this disclosure contemplates determining whether the contentobject selected by the user is socially relevant being performed by anysuitable computing system, such as for example, a third-party system ora client computing system.

In particular embodiments, the user may access one or morefunctionalities of mobile device 10 based at least in part on theauthentication by the social-networking system, as described above. Asan example and not by way of limitation, the display of mobile devicemay present an application launcher and the user may interact withmobile device 10 through the touch sensor based on the authentication.In particular embodiments, the user may access the social-networkingsystem based at least in part on the authentication. As an example andnot by way of limitation, the user may access the social-networkingsystem using a web browser executed on mobile device 10. As describedabove, the social-networking system may prevent unauthorized usage byrequiring the user to perform the authentication procedure, as describedabove. As an example and not by way of limitation, when accessing thesocial-networking system through a web browser executed on mobile device10, a list of status updates may displayed on the web browser. Access tothe social-networking system may be provided based at least in part onthe user correctly selecting the status updates socially relevant to theuser from among the status updates displayed on the web browser.

FIG. 3 illustrates an example method for authentication based on a userselecting content objects socially relevant to the user. The method maystart at step 300, where a computing device provides for presentation toa user a plurality of content objects. In particular embodiments, one ormore of the content objects are socially relevant to the user based atleast in part on social-graph information associated with the user. Inparticular embodiments, one or more of the content objects are sociallyirrelevant to the user. At step 302, the computing device receives inputindicating a selection by the user of one of the content objects. Step304 determines whether the content object selected by the user issocially relevant to the user. Step 306 authenticates the user if thecontent object selected by the user is socially relevant to the user. Atstep 308, the computing device declines to authenticate the user if thecontent object selected by the user is socially irrelevant to the user,at which point the method may end. Although this disclosure describesand illustrates particular steps of the method of FIG. 3 as occurring ina particular order, this disclosure contemplates any suitable steps ofthe method of FIG. 3 occurring in any suitable order. Moreover, althoughthis disclosure describes and illustrates particular components carryingout particular steps of the method of FIG. 3, this disclosurecontemplates any suitable combination of any suitable componentscarrying out any suitable steps of the method of FIG. 3.

FIG. 4 illustrates an example method for authentication based on a userselecting content objects socially relevant to the user provided by aserver computing device. The method may start at step 320, where aserver computing device sends data to a client computing devicecorresponding to a plurality of content objects. In particularembodiments, one or more of the content objects are socially relevant tothe user based at least in part on social-graph information associatedwith the user. In particular embodiments, one or more of the contentobjects are socially irrelevant to the user. Step 322 receives inputfrom the client computing device indicating a selection by the user ofone or more of the content objects. At step 324, the server computingdevice sends an indication to the client computing device of whether thecontent objects selected by the user are socially relevant to the user,at which point the method may end. In particular embodiments, the useris authenticated by the client computing device based at least in parton whether the content object selected by the user is socially relevantto the user. Although this disclosure describes and illustratesparticular steps of the method of FIG. 4 as occurring in a particularorder, this disclosure contemplates any suitable steps of the method ofFIG. 4 occurring in any suitable order. Moreover, although thisdisclosure describes and illustrates particular components carrying outparticular steps of the method of FIG. 4, this disclosure contemplatesany suitable combination of any suitable components carrying out anysuitable steps of the method of FIG. 4.

FIG. 5 illustrates an example social graph. In particular embodiments,social-networking system 160 may store one or more social graphs 200 inone or more data stores. In particular embodiments, social graph 200 mayinclude multiple nodes—which may include multiple user nodes 202 ormultiple concept nodes 204—and multiple edges 206 connecting the nodes.Example social graph 200 illustrated in FIG. 5 is shown, for didacticpurposes, in a two-dimensional visual map representation. In particularembodiments, a social-networking system 160, client system 130, orthird-party system 170 may access social graph 200 and relatedsocial-graph information for suitable applications. The nodes and edgesof social graph 200 may be stored as data objects, for example, in adata store (such as a social-graph database). Such a data store mayinclude one or more searchable or queryable indexes of nodes or edges ofsocial graph 200.

In particular embodiments, a user node 202 may correspond to a user ofsocial-networking system 160. As an example and not by way oflimitation, a user may be an individual (human user), an entity (e.g. anenterprise, business, or third-party application), or a group (e.g. ofindividuals or entities) that interacts or communicates with or oversocial-networking system 160. In particular embodiments, when a userregisters for an account with social-networking system 160,social-networking system 160 may create a user node 202 corresponding tothe user, and store the user node 202 in one or more data stores. Usersand user nodes 202 described herein may, where appropriate, refer toregistered users and user nodes 202 associated with registered users. Inaddition or as an alternative, users and user nodes 202 described hereinmay, where appropriate, refer to users that have not registered withsocial-networking system 160. In particular embodiments, a user node 202may be associated with information provided by a user or informationgathered by various systems, including social-networking system 160. Asan example and not by way of limitation, a user may provide his or hername, profile picture, contact information, birth date, sex, maritalstatus, family status, employment, education background, preferences,interests, or other demographic information. In particular embodiments,a user node 202 may be associated with one or more data objectscorresponding to information associated with a user. In particularembodiments, a user node 202 may correspond to one or more webpages.

In particular embodiments, a concept node 204 may correspond to aconcept. As an example and not by way of limitation, a concept maycorrespond to a place (such as, for example, a movie theater,restaurant, landmark, or city); a website (such as, for example, awebsite associated with social-network system 160 or a third-partywebsite associated with a web-application server); an entity (such as,for example, a person, business, group, sports team, or celebrity); aresource (such as, for example, an audio file, video file, digitalphoto, text file, structured document, or application) which may belocated within social-networking system 160 or on an external server,such as a web-application server; real or intellectual property (suchas, for example, a sculpture, painting, movie, game, song, idea,photograph, or written work); a game; an activity; an idea or theory;another suitable concept; or two or more such concepts. A concept node204 may be associated with information of a concept provided by a useror information gathered by various systems, including social-networkingsystem 160. As an example and not by way of limitation, information of aconcept may include a name or a title; one or more images (e.g. an imageof the cover page of a book); a location (e.g. an address or ageographical location); a website (which may be associated with a URL);contact information (e.g. a phone number or an email address); othersuitable concept information; or any suitable combination of suchinformation. In particular embodiments, a concept node 204 may beassociated with one or more data objects corresponding to informationassociated with concept node 204. In particular embodiments, a conceptnode 204 may correspond to one or more webpages.

In particular embodiments, a node in social graph 200 may represent orbe represented by a webpage (which may be referred to as a “profilepage”). Profile pages may be hosted by or accessible tosocial-networking system 160. Profile pages may also be hosted onthird-party websites associated with a third-party server 170. As anexample and not by way of limitation, a profile page corresponding to aparticular external webpage may be the particular external webpage andthe profile page may correspond to a particular concept node 204.Profile pages may be viewable by all or a selected subset of otherusers. As an example and not by way of limitation, a user node 202 mayhave a corresponding user-profile page in which the corresponding usermay add content, make declarations, or otherwise express himself orherself. As another example and not by way of limitation, a concept node204 may have a corresponding concept-profile page in which one or moreusers may add content, make declarations, or express themselves,particularly in relation to the concept corresponding to concept node204.

In particular embodiments, a concept node 204 may represent athird-party webpage or resource hosted by a third-party system 170. Thethird-party webpage or resource may include, among other elements,content, a selectable or other icon, or other inter-actable object(which may be implemented, for example, in JavaScript, AJAX, or PHPcodes) representing an action or activity. As an example and not by wayof limitation, a third-party webpage may include a selectable icon suchas “like,” “check in,” “eat,” “recommend,” or another suitable action oractivity. A user viewing the third-party webpage may perform an actionby selecting one of the icons (e.g. “eat”), causing a client system 130to transmit to social-networking system 160 a message indicating theuser's action. In response to the message, social-networking system 160may create an edge (e.g. an “eat” edge) between a user node 202corresponding to the user and a concept node 204 corresponding to thethird-party webpage or resource and store edge 206 in one or more datastores.

In particular embodiments, a pair of nodes in social graph 200 may beconnected to each other by one or more edges 206. An edge 206 connectinga pair of nodes may represent a relationship between the pair of nodes.In particular embodiments, an edge 206 may include or represent one ormore data objects or attributes corresponding to the relationshipbetween a pair of nodes. As an example and not by way of limitation, afirst user may indicate that a second user is a “friend” of the firstuser. In response to this indication, social-networking system 160 maytransmit a “friend request” to the second user. If the second userconfirms the “friend request,” social-networking system 160 may createan edge 206 connecting the first user's user node 202 to the seconduser's user node 202 in social graph 200 and store edge 206 associal-graph information in one or more of data stores 24. In theexample of FIG. 5, social graph 200 includes an edge 206 indicating afriend relation between user nodes 202 of user “A” and user “B” and anedge indicating a friend relation between user nodes 202 of user “C” anduser “B.” Although this disclosure describes or illustrates particularedges 206 with particular attributes connecting particular user nodes202, this disclosure contemplates any suitable edges 206 with anysuitable attributes connecting user nodes 202. As an example and not byway of limitation, an edge 206 may represent a friendship, familyrelationship, business or employment relationship, fan relationship,follower relationship, visitor relationship, subscriber relationship,superior/subordinate relationship, reciprocal relationship,non-reciprocal relationship, another suitable type of relationship, ortwo or more such relationships. Moreover, although this disclosuregenerally describes nodes as being connected, this disclosure alsodescribes users or concepts as being connected. Herein, references tousers or concepts being connected may, where appropriate, refer to thenodes corresponding to those users or concepts being connected in socialgraph 200 by one or more edges 206.

In particular embodiments, an edge 206 between a user node 202 and aconcept node 204 may represent a particular action or activity performedby a user associated with user node 202 toward a concept associated witha concept node 204. As an example and not by way of limitation, asillustrated in FIG. 5, a user may “like,” “attended,” “played,”“listened,” “cooked,” “worked at,” or “watched” a concept, each of whichmay correspond to a edge type or subtype. A concept-profile pagecorresponding to a concept node 204 may include, for example, aselectable “check in” icon (such as, for example, a clickable “check in”icon) or a selectable “add to favorites” icon. Similarly, after a userclicks these icons, social-networking system 160 may create a “favorite”edge or a “check in” edge in response to a user's action correspondingto a respective action. As another example and not by way of limitation,a user (user “C”) may listen to a particular song (“Ramble On”) using aparticular application (SPOTIFY, which is an online music application).In this case, social-networking system 160 may create a “listened” edge206 and a “used” edge (as illustrated in FIG. 5) between user nodes 202corresponding to the user and concept nodes 204 corresponding to thesong and application to indicate that the user listened to the song andused the application. Moreover, social-networking system 160 may createa “played” edge 206 (as illustrated in FIG. 5) between concept nodes 204corresponding to the song and the application to indicate that theparticular song was played by the particular application. In this case,“played” edge 206 corresponds to an action performed by an externalapplication (SPOTIFY) on an external audio file (the song “Imagine”).Although this disclosure describes particular edges 206 with particularattributes connecting user nodes 202 and concept nodes 204, thisdisclosure contemplates any suitable edges 206 with any suitableattributes connecting user nodes 202 and concept nodes 204. Moreover,although this disclosure describes edges between a user node 202 and aconcept node 204 representing a single relationship, this disclosurecontemplates edges between a user node 202 and a concept node 204representing one or more relationships. As an example and not by way oflimitation, an edge 206 may represent both that a user likes and hasused at a particular concept. Alternatively, another edge 206 mayrepresent each type of relationship (or multiples of a singlerelationship) between a user node 202 and a concept node 204 (asillustrated in FIG. 5 between user node 202 for user “E” and conceptnode 204 for “SPOTIFY”).

In particular embodiments, social-networking system 160 may create anedge 206 between a user node 202 and a concept node 204 in social graph200. As an example and not by way of limitation, a user viewing aconcept-profile page (such as, for example, by using a web browser or aspecial-purpose application hosted by the user's client system 130) mayindicate that he or she likes the concept represented by the conceptnode 204 by clicking or selecting a “Like” icon, which may cause theuser's client system 130 to transmit to social-networking system 160 amessage indicating the user's liking of the concept associated with theconcept-profile page. In response to the message, social-networkingsystem 160 may create an edge 206 between user node 202 associated withthe user and concept node 204, as illustrated by “like” edge 206 betweenthe user and concept node 204. In particular embodiments,social-networking system 160 may store an edge 206 in one or more datastores. In particular embodiments, an edge 206 may be automaticallyformed by social-networking system 160 in response to a particular useraction. As an example and not by way of limitation, if a first useruploads a picture, watches a movie, or listens to a song, an edge 206may be formed between user node 202 corresponding to the first user andconcept nodes 204 corresponding to those concepts. Although thisdisclosure describes forming particular edges 206 in particular manners,this disclosure contemplates forming any suitable edges 206 in anysuitable manner.

FIG. 6 illustrates example computing system. In particular embodiments,one or more computer systems 60 perform one or more steps of one or moremethods described or illustrated herein. In particular embodiments, oneor more computer systems 60 provide functionality described orillustrated herein. In particular embodiments, software running on oneor more computer systems 60 performs one or more steps of one or moremethods described or illustrated herein or provides functionalitydescribed or illustrated herein. Particular embodiments include one ormore portions of one or more computer systems 60. Herein, reference to acomputer system may encompass a computing device, where appropriate.Moreover, reference to a computer system may encompass one or morecomputer systems, where appropriate.

This disclosure contemplates any suitable number of computer systems 60.This disclosure contemplates computer system 60 taking any suitablephysical form. As example and not by way of limitation, computer system60 may be an embedded computer system, a system-on-chip (SOC), asingle-board computer system (SBC) (such as, for example, acomputer-on-module (COM) or system-on-module (SOM)), a desktop computersystem, a laptop or notebook computer system, an interactive kiosk, amainframe, a mesh of computer systems, a mobile telephone, a personaldigital assistant (PDA), a server, a tablet computer system, or acombination of two or more of these. Where appropriate, computer system60 may include one or more computer systems 60; be unitary ordistributed; span multiple locations; span multiple machines; spanmultiple data centers; or reside in a cloud, which may include one ormore cloud components in one or more networks. Where appropriate, one ormore computer systems 60 may perform without substantial spatial ortemporal limitation one or more steps of one or more methods describedor illustrated herein. As an example and not by way of limitation, oneor more computer systems 60 may perform in real time or in batch modeone or more steps of one or more methods described or illustratedherein. One or more computer systems 60 may perform at different timesor at different locations one or more steps of one or more methodsdescribed or illustrated herein, where appropriate.

In particular embodiments, computer system 60 includes a processor 62,memory 64, storage 66, an input/output (I/O) interface 68, acommunication interface 70, and a bus 72. Although this disclosuredescribes and illustrates a particular computer system having aparticular number of particular components in a particular arrangement,this disclosure contemplates any suitable computer system having anysuitable number of any suitable components in any suitable arrangement.

In particular embodiments, processor 62 includes hardware for executinginstructions, such as those making up a computer program. As an exampleand not by way of limitation, to execute instructions, processor 62 mayretrieve (or fetch) the instructions from an internal register, aninternal cache, memory 64, or storage 66; decode and execute them; andthen write one or more results to an internal register, an internalcache, memory 64, or storage 66. In particular embodiments, processor 62may include one or more internal caches for data, instructions, oraddresses. This disclosure contemplates processor 62 including anysuitable number of any suitable internal caches, where appropriate. Asan example and not by way of limitation, processor 62 may include one ormore instruction caches, one or more data caches, and one or moretranslation lookaside buffers (TLBs). Instructions in the instructioncaches may be copies of instructions in memory 64 or storage 66, and theinstruction caches may speed up retrieval of those instructions byprocessor 62. Data in the data caches may be copies of data in memory 64or storage 66 for instructions executing at processor 62 to operate on;the results of previous instructions executed at processor 62 for accessby subsequent instructions executing at processor 62 or for writing tomemory 64 or storage 66; or other suitable data. The data caches mayspeed up read or write operations by processor 62. The TLBs may speed upvirtual-address translation for processor 62. In particular embodiments,processor 62 may include one or more internal registers for data,instructions, or addresses. This disclosure contemplates processor 62including any suitable number of any suitable internal registers, whereappropriate. Where appropriate, processor 62 may include one or morearithmetic logic units (ALUs); be a multi-core processor; or include oneor more processors 62. Although this disclosure describes andillustrates a particular processor, this disclosure contemplates anysuitable processor.

In particular embodiments, memory 64 includes main memory for storinginstructions for processor 62 to execute or data for processor 62 tooperate on. As an example and not by way of limitation, computer system60 may load instructions from storage 66 or another source (such as, forexample, another computer system 60) to memory 64. Processor 62 may thenload the instructions from memory 64 to an internal register or internalcache. To execute the instructions, processor 62 may retrieve theinstructions from the internal register or internal cache and decodethem. During or after execution of the instructions, processor 62 maywrite one or more results (which may be intermediate or final results)to the internal register or internal cache. Processor 62 may then writeone or more of those results to memory 64. In particular embodiments,processor 62 executes only instructions in one or more internalregisters or internal caches or in memory 64 (as opposed to storage 66or elsewhere) and operates only on data in one or more internalregisters or internal caches or in memory 64 (as opposed to storage 66or elsewhere). One or more memory buses (which may each include anaddress bus and a data bus) may couple processor 62 to memory 64. Bus 72may include one or more memory buses, as described below. In particularembodiments, one or more memory management units (MMUs) reside betweenprocessor 62 and memory 64 and facilitate accesses to memory 64requested by processor 62. In particular embodiments, memory 64 includesrandom access memory (RAM). This RAM may be volatile memory, whereappropriate Where appropriate, this RAM may be dynamic RAM (DRAM) orstatic RAM (SRAM). Moreover, where appropriate, this RAM may besingle-ported or multi-ported RAM. This disclosure contemplates anysuitable RAM. Memory 64 may include one or more memories 64, whereappropriate. Although this disclosure describes and illustratesparticular memory, this disclosure contemplates any suitable memory.

In particular embodiments, storage 66 includes mass storage for data orinstructions. As an example and not by way of limitation, storage 66 mayinclude a hard disk drive (HDD), a floppy disk drive, flash memory, anoptical disc, a magneto-optical disc, magnetic tape, or a UniversalSerial Bus (USB) drive or a combination of two or more of these. Storage66 may include removable or non-removable (or fixed) media, whereappropriate. Storage 66 may be internal or external to computer system60, where appropriate. In particular embodiments, storage 66 isnon-volatile, solid-state memory. In particular embodiments, storage 66includes read-only memory (ROM). Where appropriate, this ROM may bemask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM),electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM),or flash memory or a combination of two or more of these. Thisdisclosure contemplates mass storage 66 taking any suitable physicalform. Storage 66 may include one or more storage control unitsfacilitating communication between processor 62 and storage 66, whereappropriate. Where appropriate, storage 66 may include one or morestorages 66. Although this disclosure describes and illustratesparticular storage, this disclosure contemplates any suitable storage.

In particular embodiments, I/O interface 68 includes hardware, software,or both providing one or more interfaces for communication betweencomputer system 60 and one or more I/O devices. Computer system 60 mayinclude one or more of these I/O devices, where appropriate. One or moreof these I/O devices may enable communication between a person andcomputer system 60. As an example and not by way of limitation, an I/Odevice may include a keyboard, keypad, microphone, monitor, mouse,printer, scanner, speaker, still camera, stylus, tablet, touch screen,trackball, video camera, another suitable I/O device or a combination oftwo or more of these. An I/O device may include one or more sensors.This disclosure contemplates any suitable I/O devices and any suitableI/O interfaces 68 for them. Where appropriate, I/O interface 68 mayinclude one or more device or software drivers enabling processor 62 todrive one or more of these I/O devices. I/O interface 68 may include oneor more I/O interfaces 68, where appropriate. Although this disclosuredescribes and illustrates a particular I/O interface, this disclosurecontemplates any suitable I/O interface.

In particular embodiments, communication interface 70 includes hardware,software, or both providing one or more interfaces for communication(such as for example, packet-based communication) between computersystem 60 and one or more other computer systems 60 or one or morenetworks. As an example and not by way of limitation, communicationinterface 70 may include a network interface controller (NIC) or networkadapter for communicating with an Ethernet or other wire-based networkor a wireless NIC (WNIC) or wireless adapter for communicating with awireless network, such as a WI-FI network. This disclosure contemplatesany suitable network and any suitable communication interface 70 for it.As an example and not by way of limitation, computer system 60 maycommunicate with an ad hoc network, a personal area network (PAN), alocal area network (LAN), a wide area network (WAN), a metropolitan areanetwork (MAN), or one or more portions of the Internet or a combinationof two or more of these. One or more portions of one or more of thesenetworks may be wired or wireless. As an example, computer system 60 maycommunicate with a wireless PAN (WPAN) (such as for example, a BLUETOOTHWPAN), a WI-FI network, a WI-MAX network, a cellular telephone network(such as, for example, a Global System for Mobile Communications (GSM)network), or other suitable wireless network or a combination of two ormore of these. Computer system 60 may include any suitable communicationinterface 70 for any of these networks, where appropriate. Communicationinterface 70 may include one or more communication interfaces 70, whereappropriate. Although this disclosure describes and illustrates aparticular communication interface, this disclosure contemplates anysuitable communication interface.

In particular embodiments, bus 72 includes hardware, software, or bothcoupling components of computer system 60 to each other. As an exampleand not by way of limitation, bus 72 may include an Accelerated GraphicsPort (AGP) or other graphics bus, an Enhanced Industry StandardArchitecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT)interconnect, an Industry Standard Architecture (ISA) bus, an INFINIBANDinterconnect, a low-pin-count (LPC) bus, a memory bus, a Micro ChannelArchitecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, aPCI-Express (PCIe) bus, a serial advanced technology attachment (SATA)bus, a Video Electronics Standards Association local (VLB) bus, oranother suitable bus or a combination of two or more of these. Bus 72may include one or more buses 72, where appropriate. Although thisdisclosure describes and illustrates a particular bus, this disclosurecontemplates any suitable bus or interconnect.

Herein, a computer-readable non-transitory storage medium or media mayinclude one or more semiconductor-based or other integrated circuits(ICs) (such, as for example, field-programmable gate arrays (FPGAs) orapplication-specific ICs (ASICs)), hard disk drives (HDDs), hybrid harddrives (HHDs), optical discs, optical disc drives (ODDs),magneto-optical discs, magneto-optical drives, floppy diskettes, floppydisk drives (FDDs), magnetic tapes, solid-state drives (SSDs),RAM-drives, SECURE DIGITAL cards or drives, any other suitablecomputer-readable non-transitory storage media, or any suitablecombination of two or more of these, where appropriate. Acomputer-readable non-transitory storage medium may be volatile,non-volatile, or a combination of volatile and non-volatile, whereappropriate.

Herein, “or” is inclusive and not exclusive, unless expressly indicatedotherwise or indicated otherwise by context. Therefore, herein, “A or B”means “A, B, or both,” unless expressly indicated otherwise or indicatedotherwise by context. Moreover, “and” is both joint and several, unlessexpressly indicated otherwise or indicated otherwise by context.Therefore, herein, “A and B” means “A and B, jointly or severally,”unless expressly indicated otherwise or indicated otherwise by context.

The scope of this disclosure encompasses all changes, substitutions,variations, alterations, and modifications to the example embodimentsdescribed or illustrated herein that a person having ordinary skill inthe art would comprehend. The scope of this disclosure is not limited tothe example embodiments described or illustrated herein. Moreover,although this disclosure describes and illustrates respectiveembodiments herein as including particular components, elements,functions, operations, or steps, any of these embodiments may includeany combination or permutation of any of the components, elements,functions, operations, or steps described or illustrated anywhere hereinthat a person having ordinary skill in the art would comprehend.Furthermore, reference in the appended claims to an apparatus or systemor a component of an apparatus or system being adapted to, arranged to,capable of, configured to, enabled to, operable to, or operative toperform a particular function encompasses that apparatus, system,component, whether or not it or that particular function is activated,turned on, or unlocked, as long as that apparatus, system, or componentis so adapted, arranged, capable, configured, enabled, operable, oroperative.

What is claimed is:
 1. A method comprising: by a computing device,providing for presentation to a user a plurality of content objects, afirst subset of the content objects being socially relevant to the user,a second subset of the content objects being socially irrelevant to theuser; by the computing device, receiving input indicating a selection bythe user of a plurality of the presented content objects; by thecomputing device, determining whether the presented content objectsselected by the user are socially relevant or socially irrelevant to theuser, wherein a content object selected by the user is socially relevantto the user if it is associated with a first node that is connected toat least one node corresponding to the user in a social graph, wherein acontent object selected by the user is socially irrelevant to the userif it is associated with a second node that is not connected to at leastone node corresponding to the user in the social graph, and wherein thefirst node is connected to the at least one node corresponding to theuser in a social graph by an edge, the first node also connected to theat least one node corresponding to a concept, the first nodecorresponding to another user, the edge representing a socialrelationship between the other user and the user; by the computingdevice, authenticating the user if the presented content objectsselected by the user are socially relevant to the user; and by thecomputing device, declining to authenticate the user if one or more ofthe presented content objects selected by the user is sociallyirrelevant to the user.
 2. The method of claim 1, wherein the computingdevice is a client computing device.
 3. The method of claim 1, whereindetermining whether the presented content objects selected by the userare socially relevant to the user comprises: sending an indication ofthe selection by the user to a server computing device; and receivingfrom the server computing device an indication of whether the contentobjects selected by the user are socially relevant to the user.
 4. Themethod of claim 1, wherein the presented content objects comprise: aname of another user; an image of the other user; a status update; acheck-in location; a photo; or a video.
 5. The method of claim 1,wherein authenticating the user comprises authenticating the user to thecomputing device.
 6. One or more computer-readable non-transitorystorage media embodying logic configured when executed to: provide forpresentation to a user a plurality of content objects, a first subset ofthe content objects being socially relevant to the user, a second subsetof the content objects not being socially irrelevant to the user;receive input indicating a selection by the user of a plurality of thepresented content objects; determine whether the presented contentobjects selected by the user are socially relevant or sociallyirrelevant to the user, wherein a content object selected by the user issocially relevant to the user if it is associated with a first node thatis connected to at least one node corresponding to the user in a socialgraph, wherein a content object selected by the user is sociallyirrelevant to the user if it is associated with a second node that isnot connected to at least one node corresponding to the user in thesocial graph, and wherein the first node is connected to the at leastone node corresponding to the user in a social graph by an edge, thefirst node also connected to the at least one node corresponding to aconcept, the first node corresponding to another user, the edgerepresenting a social relationship between the other user and the user;authenticate the user if the content objects selected by the user aresocially relevant to the user; and decline to authenticate the user ifone or more of the content objects selected by the user are sociallyirrelevant to the user.
 7. The media of claim 6, wherein the logic isfurther configured to: send an indication of the selection by the userto a server computing device; and receive from the server computingdevice an indication of whether the content objects selected by the userare socially relevant to the user.
 8. The media of claim 6, wherein thelogic is further configured to present the plurality of content objectsto the user on a display of a computing device.
 9. The media of claim 6,wherein the content object comprises: a name of another user; an imageof the other user; a status update; a check-in location; a photo; or avideo.
 10. The media of claim 6, wherein the logic is further configuredto authenticate the user to a computing device.
 11. A method comprising:by a server computing device, sending data to a client computing devicecorresponding to a plurality of content objects, a first subset of thecontent objects being socially relevant to a user, a second subset ofthe content objects being socially irrelevant to the user; by the servercomputing device, receiving input from the client computing deviceindicating a selection by the user of a plurality of the presentedcontent objects; and by the server computing device, sending anindication to the client computing device of whether the presentedcontent objects selected by the user are socially relevant to the user,the user being authenticated by the client computing device based atleast in part on whether the content objects selected by the user aresocially relevant to the user, wherein a content object selected by theuser is socially relevant to the user if it is associated with a firstnode that is connected to at least one node corresponding to the user ina social graph, wherein a content object selected by the user issocially irrelevant to the user if it is associated with a second nodethat is not connected to at least one node corresponding to the user inthe social graph, wherein the first node is connected to the at leastone node corresponding to the user in a social graph by an edge, thefirst node also connected to the at least one node corresponding to aconcept, the first node corresponding to another user, the edgerepresenting a social relationship between the other user and the user.12. The method of claim 11, further comprising selecting one or morecontent objects socially relevant to the user stored on asocial-networking system based on social-graph information associatedwith the user.
 13. The method of claim 11, wherein the content objectcomprises: a name of another user; an image of the other user; a statusupdate; a check-in location; a photo; or a video.
 14. The method ofclaim 11, wherein the client computing device is a mobile device. 15.The method of claim 1, wherein the computing device is a mobile device.16. The media of claim 6, wherein the computing device is a mobiledevice.